INDIAN CERTIFICATION FOR MEDICAL DEVICES (ICMED) QCI - AIMED Voluntary Initiative on Medical Devices Certification scheme

Transcription

1 INDIAN CERTIFICATION FOR MEDICAL DEVICES (ICMED) QCI - AIMED Voluntary Initiative on Medical Devices Certification scheme Requirements for Certification Bodies

2 0. Introduction 0.1 Quality Council of India (QCI), India s apex quality facilitation and national accreditation body, and the Association of Indian Medical Device Industry (AIMED) have signed an MoU on 30 October 2014 to develop and operate voluntary certification programmes for Medical Devices in order to enable medical device industry to demonstrate adherence to the best international standards and enhance its credibility in the world market. While QCI and AIMED are the joint Scheme owners, the governing structure of the initiative is under a multi stakeholder Steering Committee and the initiative would be operated on a non-profit but self-sustaining basis. It would have a defined consensus based technical criteria laid down for the medical devices which would be evaluated by competent third party certification bodies. To identify the competence of certification bodies auditors for evaluation of technical criteria as devised and certification process, a multi stakeholders Certification committee is being formed. Certification bodies in turn would be accredited by the National Accreditation Board for Certification Bodies (NABCB), which is part of the international system of equivalence of accreditations and certifications, as per appropriate international standards. 0.2 The manufacturing facility requiring certification against this schemes are required to be certified ultimately by NABCB accredited Certification Bodies duly approved by the Quality Council of India, as the Scheme owner, and complying with the requirements as specified under this Scheme. The requirements that the Certification bodies need to comply with for getting approved by QCI under this Scheme are detailed in this document. 1. Scope and Purpose 1.1 This document specifies the QCI AIMED Voluntary initiative on medical devices here in after known as Indian certification for medical devices (ICMED) certification scheme, specific additional requirements that the certification bodies need to fulfil in order to be accredited by NABCB for their subsequent approval under the medical device manufacturer Certification Scheme operated by the Quality Council of India. 1.2 The certification bodies approved under this scheme shall then be able to offer the medical device manufacturer certification against the Criteria as the following scheme options: a) ICMED 9000, An ISO 9001: 2008 requirements Plus additional requirement b) ICMED 13485, An ISO 13485: 2012 requirements Plus additional requirements

3 c) ICMED Plus, ICMED Plus product specification as per MoHFW s Technical specifications 1.3 In order to be able to offer certification as stated above the certification bodies need to be accredited by NABCB as per the following requirements: For being able to offer certification for ICMED 9000, the certification body shall need to be accredited against ISO 17021:2011 for ISO 9001: 2008 and must have undergone an witness assessment by NABCB in last one year in scope sector IAF 19 (DL33.1) with additional requirements specified in this document For being able to offer certification for ICMED and ICMED Plus the certification body shall need to be accredited against ISO 17021:2011 for ISO 13485: 2012 and ISO 17065: 2012 respectively with additional requirements specified in this document and must have undergone an witness assessment by NABCB in last one year in the relevant scope sector as defined in IAF MD However if above criteria in & is not met then for provisional QCI approval for Medical Devices Certification can be granted for one year period subject to condition that certification bodies gets accredited by NABCB as per & above. For provisional QCI approval following criteria as & will apply For ICMED 9000 the certification body shall need to be accredited against ISO 17021:2011 by NABCB for scope sector IAF 19. The CB shall undergo an office assessment for additional requirements specified in this document and an witness assessment by NABCB for medical devices under scope sector IAF 19 (DL33.1) For ICMED the certification body shall need to be accredited against ISO 17021:2011 from NABCB for ISO 13485: 2012 or from any IAF MLA signatory AB. The CB shall undergo an office assessment for additional requirements specified in this document and an witness assessment by NABCB under scope sector IAF 19 (DL33.1) For being able to offer Medical devices Certification for ICMED Plus, the certification bodies shall need to be accredited against ISO 17065:2012 for the additional requirements specified in this document and requirement as specified in above. 1.5 The requirements prescribed in this document are additional requirements that the certification body shall fulfil. Irrespective of which scheme (refer clauses 1.3 and 1.4 of this document) the certification body opts for, the requirements mentioned in each clause, whether they pertain to ISO 17065: 2012 or ISO 17021: 2011, shall apply. 2. General Requirements 2.1 Legal and Contractual Matters In addition to the requirements as specified in the respective accreditation standards (clauses 4.1 of ISO17065:2012 and clauses 5.1 of ISO 17021:2011) following requirements shall apply:

4 2.1.2 Certification agreement The certification body shall ensure that its certification agreement requires that the Manufacturing facility comply with the following requirements in addition to those specified in the respective standards as above: a) Always fulfill the certification requirements including product requirement as specified in the ICMED 9000, ICMED and ICMED Plus documents, the certification process described in the document Indian Certification for Medical Device Certification Process and the requirements specified in this document as applicable and the changes in them as communicated by the certification body, time to time; b) The certified manufacturing facility and its processes always fulfils the certification requirements; c) The liability on account of non-conforming processes/ products shall rest with the certified manufacturing facility. d) The manufacturing facility makes all necessary arrangements for the conduct of the initial and recertification onsite audit/evaluation, surveillance onsite audits/evaluations (announced and surprised), onsite special/short notice audits/evaluations for the purpose of complaints investigation, etc. It shall also include provision for examining documentation and records, and access to the relevant equipment and facilities, products, location(s), area(s), personnel, and Manufacturing facility s subcontractors; e) The manufacturing facility shall make claims regarding certification only in respect of the location and the scope for which certification has been granted; f) The Manufacturing facility shall endeavor to ensure that no certificate or report nor any part thereof is used in a misleading manner; g) Keeps a record of all complaints made known to the Manufacturing facility relating to the compliance with certification requirement and to make these records available to the certification body for its verification. The Manufacturing facility shall also agree to take appropriate action with respect to such complaints and any deficiencies found in products/process in accordance with the requirements of the Scheme; h) The Manufacturing facility shall inform the certification body, without delay, of matters that may affect its ability to conform to the certification requirements. These shall include changes in: i. The legal, commercial, organizational status or ownership, ii. Organization and management (e.g. key managerial, decision-making or technical staff), iii. Contact address and production sites/premises, iv. Modifications in processes or the production methods, changes in manufacturing/testing equipment and in the internal control measures which are significant in nature. v. Any other information indicating that the manufacturing facility may no longer comply with the requirements of the certification criteria and the certification scheme.

5 Records kept by the Manufacturing facility in respect of the complaints received and their resolution shall be verified by the certification body during the surveillance visits to the Manufacturing facility s premises The Manufacturing facility shall agree for re-audit/evaluation by the certification body as per the requirement of the certification scheme, in the event of changes significantly affecting its capability to comply with the requirements of the certification scheme The Manufacturing facility shall also agree for re-evaluation by the certification body, in the event of changes in the standards to which compliance of the manufacturing facility is certified In addition to the requirements as specified above the requirements specified vide clauses 2.5 (confidentiality) shall also be part of the agreement with the Manufacturing facility Use of licence, certificate and marks of conformity - In addition to the requirements as specified in the respective accreditation standards (clause of ISO17065:2012 and clause 8.4 of ISO 17021:2011) following requirements shall apply: The certification body shall document clear instructions regarding appropriate use of certification mark/certificate and for providing information about certification status by its clients. It shall also identify the aspects that would be considered as misleading and unauthorised as relevant to the relevant certification scheme. The certification agreement shall make appropriate cross references to the above document, so as to make it legally binding. In no case, the mark shall be used to imply that the medical device/product is certified In case the certification body runs more than one product/process certification schemes, then it may document a procedure specifying generic requirements common to all schemes and in line with the requirements of ISO/IEC 17065:2012 and additional section with specific requirements as specified for the ICMED certification scheme The certification body shall ensure that the Certificate is used only with reference to specific manufacturing facility. Accordingly the Certification Mark shall be put on the packaging of product (Individual or final) (Also refer Labelling guidelines) carrying reference to the supplies made by the certified manufacturing facility and shall carry the following information as minimum: a) Certification Mark. (Under certification mark, CB s identification by way of numerical as given by QCI or accreditation board and certificate no. will be marked) b) CB Logo (Optional) Certification mark shall be put only on the packaging of products which are mentioned in the scope of certificate issued by certification body and address of the manufacturing facility mentioned therein The certification body shall have documented procedures for the measures to be adopted in case of non-compliances to specified requirements with respect to use of certification mark, misuse, including false claims as to certification and false use of certification body marks and these shall be part of its agreement with the certified manufacturing facility. The

6 procedure shall include the process steps and the actions (including penal actions as relevant), the certification body intends to take in the event of observing misuse/misleading use of ICMED certification certificates and marks The certification body shall ensure that the applicants are not misusing the certification mark in any way prior to grant of certification. 2.2 Impartiality related requirements In addition to the requirements as specified in clauses 4.2 ISO17065:2012 and clauses 5.2 of ISO 17021:2011, following requirements shall apply. The requirements as specified above are applicable to both the schemes as specified in clause 1.2 of this document The top management s commitment to impartiality shall be demonstrated through: a) Documenting the certification body s policy on safeguarding impartiality and ensuring that it is understood at all levels of the organization. Implementing good practices like establishing Code of Conduct and requiring internal and external personnel to abide by it. b) Having a defined institutional structure and impartiality policy and procedures, appropriate implementation of these policy and procedures and operation and conduct of its activities and personnel. c) Having a system that ensures appropriate management of conflict of interest for ensuring objectivity of its certification functions. d) Taking action to respond to any threats to its impartiality arising from the actions of other parts of the organization, persons outside of the organization, subcontractors, related bodies or other bodies or organizations. e) Maintaining a professional environment and culture in the organization that supports a behaviour of all personnel that is consistent with impartiality. f) Making available to public through its website, its policy on impartiality The certification body shall not have any relationship with the Manufacturing facility except third party conformity assessment. There shall be a minimum separation of 2 years before application can be entertained, in case the certification body has had relationship which is generic (not medical devices Design/ processes/product/packaging & labelling/ Marketing related) in nature, for example, internal audit training, etc. In cases where the relationship pertained to medical devices specific (Design/ processes/product/packaging & labelling/ Marketing related) activities trainings, etc, then the certification body shall carry out impartiality risk analysis before entertaining the application. Purpose of risk analysis shall be to ascertain if, longer separation than two years is required from the last date of end of relationship as stated above or that the risk is of such unacceptable level so as to prohibit certification by the certification body. Based on the risk analysis appropriate decision shall be taken and the justification for the same shall be recorded Although, testing is considered as a conformity assessment activity, in case the certification body (the legal entity) also has a laboratory and if the manufacture facility it has certified/intends to certify, has a

7 contract/arrangement for getting all its raw material and products samples, as per the frequency described in the relevant standards/ customer requirements then this is considered as an unacceptable threat to impartiality. In such cases the certification body shall not certify such manufacture facility Requirement in above is not applicable in case the manufacture facility uses a number of NABL accredited laboratories by rotation or otherwise. This provision shall also be applicable if the laboratory is a separate business unit within same legal entity as the certification body as well as if the lab belongs to a related body (a separate legal entity). Note Definition of Related Body is based on the relationships as described in Note under clause of ISO 17021: If the certification body and its Manufacturing facility(s) are both part of government, the two bodies shall not directly report to a person or group having operational responsibility for both. The certification body shall, in view of the impartiality requirement, be able to demonstrate how it deals with a case where both itself and its Manufacturing facility(s) are part of government. The certification body shall demonstrate that the applicant receives no advantage and that impartiality is assured When a relationship poses an unacceptable threat to impartiality then certification shall not be provided. Some of these situations requiring prohibitions as mitigation measures have been described vide clause of ISO 17065:2012 and clause 5.2 of ISO 17021:2011. These shall be implemented together with the additional ones provided in this document In case the related body (see note under clause of this document) is engaged in any of the activities as specified in clause of ISO 17065:2012 or activities like management system consultancy, internal auditing or training, then certification shall not be provided to the relevant Manufacturing facility to whom these services may have been provided by the related body. There shall be a minimum separation of 2 years, in case the related body has had relationship which is generic (not specific) in nature, for example, internal audit training, etc. In cases where the relationship pertained to medical device manufacturing specific (Design/processes/product/Packaging & labelling/ Marketing related) activities, etc, then the certification body shall carry out impartiality risk analysis before entertaining the application. Purpose of risk analysis shall be to ascertain if, longer separation than two years is required from the last date of end of relationship as stated above or that the risk is of such unacceptable level so as to prohibit certification by the certification body. Based on the risk analysis appropriate decision shall be taken and the justification for the same shall be recorded The certification body shall not certify a manufacturing facility on which a manufacturing facility has received consultancy for Design/processes/product/Packaging & labelling/ Marketing related, internal evaluations/audit or training, where the relationship between the consultancy organization/individual and the certification body poses an unacceptable threat to the impartiality of the certification body. Allowing a minimum period of two years to elapse following the end of the relationship product consultancy

8 is one way of reducing the threat to impartiality to an acceptable level however, it shall be considered based on the nature of services offered The certification body shall not outsource/subcontract any part of the certification work, evaluation, marketing, etc, to a legal entity that is engaged in designing, manufacture, installation, distribution or maintenance of the medical devices. It shall also not be outsourced to organizations who are engaged in management system consultancy, internal auditing and training and similar services to manufacturing facilities All certification body personnel, either internal or external, or committees, who could influence the manufacturing facility certification activities, shall act impartially and shall not allow commercial, financial or other pressures to compromise impartiality. Certification bodies shall require personnel, internal and external, to reveal any situation known to them that may present them or the certification body with a conflict of interests. These aspects shall be ensured through a signed agreement between the individuals and the certification body. Certification bodies shall use this information as input to identifying threats to impartiality raised by the activities of such personnel or by the organizations that employ them, and shall not use such personnel, internal or external The certification body s personnel involved in certification activities shall be bound by the certification body s impartiality policy and act impartially in their work through contractual or employment conditions and assignment conditions for each evaluation/audit activity. The certification body shall also take an undertaking with respect to freedom from conflict of interest for every audit/evaluation assignment allotted to the individuals The certification body s personnel involved in certification activities shall not provide, while carrying out evaluation/audit, any advice, consultancy or recommendation to the manufacturing facility on how to address any deficiencies that may be identified during the evaluation/audit The certification body shall require its personnel, internal and external, to report any situation of influence or pressure from the manufacturing facility that may threaten their independence in the course of certification activities. Based on such report, the certification body shall take appropriate actions to ensure its independence in its certification work The certification body shall be responsible for ensuring that neither related bodies, nor sub-contractors, nor internal or external assessors/auditors operate in breach of the undertakings that they have given. It shall also be responsible for implementing appropriate corrective action in the event that such a breach is identified The certification body shall ensure that a conflict of interest analysis is carried out in accordance with the requirements specified in clauses 4.2.3/4.2.4 of ISO 17065:2012 and clause of ISO 17021:2011, at least once annually and whenever a significant change occurs in the CB s activities, such as changes in the organizational structure and business activities or of the legal status and mergers with, or acquisitions of other organizations. This analysis shall be approved by the impartiality committee (see clause 3.3 of this document) established by the certification body.

9 Further, where risks to impartiality have been identified as a result of risk analysis (clause ), the certification body shall establish and implement a documented procedure for mitigation of threats against impartiality. These shall be through any of the following mitigation means: a) Not provide certification, since the situation poses unacceptable threat to impartiality prohibition. Some of the prohibitions are already stated in the respective standards (ISO 17065:2012 and ISO17021:2011) and this document. b) Carry out the certification in a restricted manner based on disclosures c) Minimize the risks on the basis of clearly defined control points to ensure mitigation. 2.3 Liability and financing In addition to the requirements as specified in clause 4.3 of ISO17065:2012 and clause 5.3 of ISO 17021:2011, following requirements shall apply. The requirements as specified above are applicable to all the schemes as specified in clause 1.2 of this document The certification body shall also be able to demonstrate that it has evaluated the risks arising from its certification activities and that it has adequate arrangements (e.g. insurance or reserves) to cover liabilities arising from its operations in each of its fields of activities and the geographic areas in which it operates The certification body shall be able to demonstrate that it has a reasonable expectation of being able to provide and to continue to provide the service in accordance with its contractual obligations. Certification bodies shall also be able to provide sufficient evidence to demonstrate its viability, e.g. management reports or minutes, annual reports, financial audit reports, financial plans, etc The means by which the certification body obtains financial support shall be such to allow the certification body to retain its impartiality In addition to the above the certification body shall also demonstrate to the Impartiality committee, that initially, and on an ongoing basis, commercial, financial or other pressures do not compromise its impartiality. 2.4 Non-discriminatory conditions The certification body shall have means of demonstrating compliance to this requirements of ISO 17065:2012 (clause 4.4), through its policies and procedures as well as actual practice The certification body s policies and procedures shall ensure that it does not practice any form of hidden discrimination by speeding up or delaying the processing of applications Certification Fees The requirements as specified in clause 11 of the document Medical devices manufacturer Certification Process shall apply The certification body s fee structure shall be publically available on its website. The structure may be generic in nature and shall generally include break up of costs.

10 On request from a specific applicant/client, based on the specific conditions concerning the applicant, the certification body shall inform the applicable fees, which shall essentially be derived from the fee structure made publicly available. It shall not substantially defer from the one available publicly, unless some plausible justifications are recorded. 2.5 Confidentiality - In addition to the requirements as prescribed in the respective accreditation standards (clause 4.5 of ISO17065:2012 and clause 8.5 of ISO 17021:2011) following requirements shall apply: Personnel, including any committee members, contractors, personnel of external bodies or individuals acting on the certification body's behalf, shall keep confidential all information obtained or created during the performance of the certification body's activities. There shall be a mechanism such as obtaining signed confidentiality agreements, etc, for ensuring the same The certification body shall have available and use equipment and facilities that ensure the secure handling of confidential information (e.g. documents, records) When confidential information is made available to other bodies (e.g. accreditation body, agreement group of a peer assessment scheme), the certification body shall inform manufacturing facility of this action, in advance, through agreements, etc In case of transfer of certificate or application, when the manufacturing facility decides to move from one certification body to another certification body, the certification body to which the manufacturing facility is now moving may ask the previous certification body for information on the reasons for such movement or the performance of the manufacturing facility with respect to the certification requirements. The previous certification body shall be obliged to share this information within a reasonable time, not exceeding 10 days from the date of receipt of the request. Such information shall not be considered as confidential and the certification body shall inform its manufacturing facility of this requirement, in advance, through agreements, etc. 2.6 Information Requirements - In addition to the requirements as specified in the respective accreditation standards (clause 4.6 of ISO17065:2012 and clauses 8.1, 8.3, 8.6 of ISO 17021:2011) and the document Medical devices manufacturer Certification Process, the following requirements shall apply: Publicly available information Making the information publicly available through the certification body s website shall be the only means of meeting this requirement The following information with respect to Medical devices manufacturer certification Scheme shall be made publicly available on the certification body s website. The information provided shall be accurate, non-misleading and where relevant detailed enough for the reader to clearly understand: a) Information related to the terms and conditions of certification and the use of certificates/certification mark for Medical devices manufacturer certification scheme, as contained in the Certification Agreement (clause 3 of this document). A description of the rights and duties of applicants and clients, including requirements, restrictions or limitations on the use of the

11 certification body's name and certification mark and on the ways of referring to the certification granted. b) The CB may also provide any other guidance documents on the certification criteria for the benefit of the applicant, as long as they are not advisory/consultative in nature. c) The certification body shall make publicly available on its website the information about applications registered and certifications granted, suspended or withdrawn. d) On request from any party, the certification body shall provide the means to confirm the validity of a given certification and the provision for the same shall be made available on the website. e) The certification body shall maintain and make publicly available on its website, a directory of valid certifications under Indian certification for Medical devices certification scheme that as a minimum shall show the name, relevant certification criteria, scope and geographical location (e.g. city and country) and contact details for each applicant and certified manufacturing facility and validity of certification for the certified manufacturing facility(s). Please also see additional requirements given in the document Indian certification for Medical devices Certification Process (clause 1.3), which are required to be placed on the certification bodies website The certification body shall also make arrangement for providing and up-dating of information with respect to status of certified Manufacturing facility(s), based on classification of non-conformities raised during audits/evaluations The certification body shall have procedure for frequent updating of the information on its website. The responsibilities for ensuring accuracy of the information made available on the website, ensuring frequent updates, etc shall be documented The information on complaints handling process and the certification body s procedure shall be directly available to the public, without the public having to go through layers of cross linkages Information exchange between a certification body and its clients Information on the certification activity and requirements- The certification body shall provide and update clients on the following: a) a detailed description of the initial and continuing certification activity, including the application, initial audit/evaluation, surveillance audit/evaluation, and the process for granting, maintaining, reducing, extending, suspending, withdrawing certification and recertification; b) the certification criteria for Medical devices manufacturer certification scheme; c) information about the fees for application, initial certification and continuing certification; d) the certification body's requirements for prospective clients;

12 e) documents describing the rights and duties of certified manufacturing facility(s) as well as obligations on part of the certification body including the changes within certified manufacturing facility that need to be informed to the certification body [see clause 3.1.1h) of this document]; information on procedures for handling complaints (both by the certification body as well by the certified manufacturing facility, in respect of complaints against certified facilities and appeals; Based on the changes affecting certification, including those initiated by the client the certification body shall decide upon the appropriate actions in accordance with its documented procedure, which shall include any of the actions as specified in clause of ISO 17065: 2012, singly or in combination. Responsibility for deciding about the course of actions to be taken shall also be documented. 3. Structural requirements 3.1 In addition to the requirements as specified in the respective accreditation standards (clause 5 of ISO17065:2012 and clause 6 of ISO 17021:2011) following requirements shall apply: 3.2 Organizational structure and top management The organization structure shall include structure of the parent body (legal entity) if separate from the department/division that offers certification. It shall also include structure of the related departments in relation to the department offering certification services The certification body shall identify and document all related bodies (separate legal entities) as well as other departments of the same legal entity and their activities and functions and their relationships with the certification body when describing its organizational structure. This shall cover all relationships and related bodies, bodies related to the certification body based on ownership; governance; management; management personnel; shared resources, finances, contracts and marketing. The activities of all related bodies shall also be documented for the purpose of identifying any potential conflict of interest. The certification body shall also have a system for disclosure and documentation of the types of activities carried out by its internal and external personnel and subcontractors in general and in particular regarding the designing of relevant product/process/service, consultation, internal evaluation/auditing, training, etc. The above information shall also be used for identification of actual/potential risks to impartiality The identification of responsibilities, however done, shall clearly and unambiguously reflect the responsibilities for activities/functions as described vide clause a) to n) of ISO/IEC 17065:2012 and clause a) to i) of ISO 17021: The requirement specified vide clause of ISO/IEC 17065:2012 shall cover the Impartiality committee and any other committees, if established by the certification body for certification scheme development, planning for certification evaluation (sampling and determination), certification review and decision making, appeals process, etc. 3.3 Mechanism (Impartiality Committee) for safeguarding impartiality

13 3.3.1 An Impartiality committee with specific responsibility for safeguarding the certification body s impartiality in its certification functions and for ensuring that the policy on safeguarding impartiality and related procedures and other systems are effectively implemented shall be the only means of fulfilling this requirement. The impartiality committee as specified in clause 6.2 of ISO 17021:2011 will fulfil the requirement as specified in this document The Impartiality Committee shall: a) Assist the certification body in developing the policies relating to impartiality of its certification activities, b) Counteract any tendency on the part of a certification body to allow commercial or other considerations to prevent the consistent objective provision of certification activities, c) Advise on matters affecting confidence in certification, including openness and public perception, and d) Conduct a review, as least once annually, of the impartiality of the audit, certification and decision making processes of the certification body. e) Approve the conflict of interest analysis and the mitigation measures described in clause of this document. Other tasks or duties may be assigned to the committee provided these additional tasks or duties do not compromise its essential role of ensuring impartiality. The composition, terms of reference, duties, authorities, competence of members and responsibilities of this committee shall be formally documented and authorized by the top management of the certification This committee shall meet regularly, at least once a year, and a complete record of the proceedings of this committee shall be maintained The certification body shall ensure that a) The committee for safeguarding impartiality shall be separated from the management of the certification body operations and established at the highest level within the organization, independent of its day-to-day operations. b) In the composition of the committee, participation of key interested parties shall be ensured, with a representation of a balance of interests such that no single interest predominates. Internal or external personnel of the certification body are considered to be a single interest, and shall not predominate. c) Its chairman shall be a person independent from and external to the certification body Impartiality Committee meetings may be observed by the Accreditation Body s Assessment Teams as part of the Certification body s accreditation process Although every interest cannot be represented in the mechanism, a certification body shall identify and invite significantly interested parties. Such interests may include: clients of the certification body customers of organizations whose management systems are certified, representatives of industry trade associations, representatives of governmental regulatory

14 bodies or other governmental services, or representatives of nongovernmental organizations, including consumer organizations. The invited representative to impartiality committee shall be some way related to medical devices field. 4. Resource related and team competence requirements 4.1 In addition to all generic personnel related requirements as specified in clause 6 of ISO17065:2012 and clause 7 of ISO 17021:2011 following specific requirements shall apply: 4.2 Audit/evaluation team competence The auditors/evaluators used by the certification body to carry out the audit/evaluation of the manufacturing facility against the criteria as described in clause 1.2 above shall have all the following qualifications as described below: (i) A graduate in Bio Technology or pharmacy or degree in Electrical Engineering or Electronics Engineering or Chemical Engineering or Bio Medical Engineering or Mechanical Engineering from a University recognized by the Central Government for such purposes. (ii) Desirable Two years experience of manufacturing or research or Quality Assurance in Medical Device field. (iii) Auditor experience, For a first authorization, the auditor shall comply with the following criteria, which shall be demonstrated in audits under guidance and supervision: a) For ICMED Have gained experience in the entire process of auditing medical device quality management systems, including review of documentation and risk management of medical devices, implementation audit and audit reporting. This experience shall have been gained by participation as a trainee in a minimum of two audits for a total of at least 10 days in an accredited QMS program, b) For ICMED 13485, this experience shall have been gained by participation as a trainee in a minimum of two audits for a total of at least 10 days in an accredited ISO program in addition to (a) above. c) In addition to criteria a) & b), audit team leaders shall have performed as an audit team leader under the supervision of a qualified team leader in at least three ISO 9001: 2008 audits for ICMED 9000 and ISO 13485: 2012 audits for ICMED d) Required types of knowledge and skills for personnel involved with the ICMED certification activities are defined in Annexure B of IAF MD 9 shall be applicable. Refer IAF MD 9: 2015 for further guidance for ICMED auditor competence and experience requirements.

15 The auditor/evaluator involved in offsite documentation review of information received with the application/ document review before going for onsite assessment shall have the qualifications as described in clause of this document The certification body may use auditors who do not have the requisite qualifications in relevant scope sector as defined in Annexure A of IAF MD 9: 2015 provided they are supported by technical experts (TEs) who meet the qualifications at (i) & (ii) above and Annexure-B of IAF MD 9: The time spent by the TE on an audit shall be in addition to the audit time as prescribed under the Certification Process which the CB is expected to spend One of the auditors/evaluators in the team shall be nominated as the team leader. The team leader shall be an ISO 9001: 2008 TL Auditor for ICMED 9000, ISO 13485: 2012 TL Auditor for ICMED and ICMED Plus, qualified as team leader as per the requirement given in ISO 17021: The certification body will have a system for qualifying lead auditor/evaluators for Indian Certification For Medical devices manufacturer certification scheme, based on experience of having performed i. For ICMED 9000 At least three audits/evaluations under the medical devices manufacturer certification ICMED 9000 scheme. For one time initial qualification, some other evaluation methods such as audit experience as team leader in other similar areas, may be used. ii. For ICMED 13485, At least three audits/evaluations under the medical devices manufacturer certification ICMED scheme. For one time initial qualification, some other evaluation methods such as audit experience as team leader in other technically similar areas, may be used. iii. For ICMED Plus, Requirements as described in (ii) above and at least three audits/evaluations under the specific medical devices. For one time initial qualification, some other evaluation methods such as audit experience as team leader in other technically similar areas, may be used While carrying out audit/evaluation of a manufacturer facility for ICMED criteria requirements as specified, the audit team shall collectively have competence as specified in clauses and above. 4.3 Other certification body personnel as relevant to the Indian certification for Medical devices certification scheme - Other certification body personnel involved in the scheme certification evaluation activities shall have the competence as stated below: Application Review personnel The functions to be carried out by the personnel involved in review of application review is to confirm the adequacy of the information provided by the applicant and identification of the deficiencies observed. Further in case the application reviewer also needs to carry out mandays estimation and team nomination, the persons involved in application review process, shall have thorough knowledge of Indian certification for Medical devices certification scheme requirements as defined in this document and certification process documents, in addition to meeting the requirements specified in the relevant requirements for application review

16 personnel as specified in ISO17021:2011. The application review personnel shall be qualified based on experience of having performed at least three applications under the Indian certification for Medical devices certification scheme or through any other equivalent route Technical Reviewer The certification body personnel involved in technical review function shall have the same requirement as that specified in clause of this document. the technical reviewer shall also meet the qualification criteria as specified in the relevant requirements of ISO17021:2011 and shall preferably be qualified on the basis of demonstrated competence to carry out the review function say based on experience of having performed at least three technical reviews under the Indian certification for medical devices manufacturer certification scheme. The technical reviewer shall be independent from the audit/evaluation team. Only person(s) employed by the certification body or on long term (2 3 years) full time contract with the certification body shall be entrusted the responsibility of technical review functions Decision maker - Any authorized person(s) of the certification body, independent of the persons involved in the evaluation function. a) The person(s) or committee, who take(s) the decision on granting certification under the the Medical devices manufacturer certification scheme, shall have a level of knowledge and experience sufficient to evaluate the information obtained from the evaluation process and the review. b) The technical review and the decision may be completed concurrently by the same person(s), provided they fulfil the necessary requirements as specified in clause above and has been specifically authorized for decision making functions. c) Impartiality and absence of conflict of interest shall be ensured before entrusting the task of certification decision making. 5. Certification process requirements 5.1 The certification body shall establish appropriate operational systems (internal processes and procedures) for carrying out certification activities as per the requirements documented in the Indian certification for Medical devices certification scheme Certification Process of the Scheme and meeting the generic certification process requirements as stated in respective standards clause 7 of ISO 17065:2012 and clause 9 of ISO 17021: The certification body may also develop and document any additional guidance documents considered essential for uniform application of the certification criteria and certification/scheme requirements by its personnel and for the purpose of knowledge sharing. 5.3 Application requirements - The certification body shall design an application format to ensure receipt of all the relevant information in accordance with the requirements specified in clause 1.4 of the the Indian certification for Medical devices certification scheme Certification Process, from the applicant manufacturer facility. While designing the application format, the relevant requirements as specified in ISO 17065:2012 and ISO17021: 2011, shall also

17 be considered. In addition, the certification body shall also ensure receipt of all the relevant requirements for carrying out appropriate impartiality checks as per requirements specified in clause 2.2 of this document. 5.4 Reporting requirements - At the end of the surveillance /recertification onsite audit/evaluation of manufacturing facility as a carried out by the certification body s audit team, a summary report of the findings shall be handed over to the manufacturing facility by the CB. The summary report shall essentially contain the following details: a) Name of the manufacturing facility, b) Date of audit/evaluation, c) Audit Criteria d) Scope of certification e) Audit team details, f) Compliance to criteria g) Compliance to Labeling requirements/ sterility h) Details of complaints and handling i) Number of non-conformities raised and their categorization, j) Time lines for non-conformity closure k) Audit conclusions / recommendations, if any. 5.5 Certification Document The certificate to be issued to certified manufacturing facility for the options as specified in clause 1.2 of this document shall be as per the certification document template as enclosed vide Annex A. 5.6 Complaints and appeals handling system All the requirement as specified in clause 7.13 of ISO 17065:2012, clauses 9.7, 9.8 of ISO 17021:2011, those specified in clause 8 of the document Medical device manufacturer Certification Criteria are applicable in addition to those specified below: In case of complaints related to a certified Manufacturing facility and the products manufactured by the certified Manufacturing facility, then the examination and evaluation of the complaints shall take in to consideration the effectiveness and implementation of the Manufacturing facility s applicable audit criteria (i.e certification Level for which Manufacturing facility is certified). The process of establishing validity of the complaint shall generally involve processes like conduct of additional surveillance activities visit to certified Manufacturing facility s premises for special evaluation, testing and evaluation of the manufacturing process as per implemented system in the manufacturing facility, if necessary. The decisions on complaint shall then be based on the result of additional surveillance activities The certification body s complaint handling process shall document the actions to be taken by the certification body as well as the certified Manufacturing facility, in case the complaint is established to be valid and manufacturer s controls are found to be non compliant with the specified

18 criteria. Some of these actions/conditions shall also be included in the certification body s legally enforceable contract with the Manufacturing facility In respect of appeals, the certification body shall ensure that the individual(s)/committee entrusted with handling of appeal and its resolution/ decision shall be independent of the persons involved in certification related recommendations and decision and their position in the certification body shall be such that it shall not be possible to influence their decisions with respect to the subject of the appeal The procedure shall also have provision for giving a written statement to the appellant, of the appeal findings including the reasons for the decisions reached and also communicating to the appellant about the provision for giving an opportunity to formally present his case. Based on the presentation made, the individual or a committee appointed for hearing the case shall take a final decision on the appeal and a formal notice of the outcome and the end of the appeal process shall be given to the appellant. 6. Management system requirements 6.1 In addition to the requirements as specified in the respective accreditation standards (clauses 7.12, 8 of ISO17065:2012 and clauses 9.9, 10 of ISO 17021:2011) following requirements shall also apply: 6.2 Documentation requirements The certification body shall document its Indian certification for Medical device scheme specific documentation in in accordance with the requirements specified in the document Indian certification for Medical device scheme Certification Process and this document, in order to ensure that the certified Manufacturing facilities comply with the requirements specified in ICMED 9000, ICMED and ICMED Plus, as applicable All applicable requirements of the above document shall be addressed either in a manual or in a combination of manual and associated operational procedures. 6.3 Requirements with respect to records Records of Applicant and Clients The certification (applicants and clients) related records shall include records for all Organizations, including all organisations that submitted applications, and all organizations evaluated, manufacturer facility certified or with certification suspended or withdrawn/cancelled. Specifically the records shall include the following: a) Application information and results of application review and mandays estimation and team competence records; b) Audit/Evaluation planning including decision on site visits in case of multisite certification and preparation records, evaluation plans and other related records; c) Justification for evaluation time determination d) Records of initial/surveillance and recertification audit/evaluation reports and related records; e) Records of verification of correction and corrective actions;